util.c revision 313c284b8ad24b5119cca6dd6e08eb330f3f63a7
0066eddda7203f6345b56f77d146a759298dc635gryzor/* ====================================================================
0066eddda7203f6345b56f77d146a759298dc635gryzor * The Apache Software License, Version 1.1
0066eddda7203f6345b56f77d146a759298dc635gryzor *
a025329610d2b832bb62bc34dd328985e14e8718lgentis * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
0066eddda7203f6345b56f77d146a759298dc635gryzor * reserved.
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * Redistribution and use in source and binary forms, with or without
0066eddda7203f6345b56f77d146a759298dc635gryzor * modification, are permitted provided that the following conditions
0066eddda7203f6345b56f77d146a759298dc635gryzor * are met:
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * 1. Redistributions of source code must retain the above copyright
0066eddda7203f6345b56f77d146a759298dc635gryzor * notice, this list of conditions and the following disclaimer.
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * 2. Redistributions in binary form must reproduce the above copyright
0066eddda7203f6345b56f77d146a759298dc635gryzor * notice, this list of conditions and the following disclaimer in
0066eddda7203f6345b56f77d146a759298dc635gryzor * the documentation and/or other materials provided with the
0066eddda7203f6345b56f77d146a759298dc635gryzor * distribution.
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * 3. The end-user documentation included with the redistribution,
0066eddda7203f6345b56f77d146a759298dc635gryzor * if any, must include the following acknowledgment:
0066eddda7203f6345b56f77d146a759298dc635gryzor * "This product includes software developed by the
0066eddda7203f6345b56f77d146a759298dc635gryzor * Apache Software Foundation (http://www.apache.org/)."
0066eddda7203f6345b56f77d146a759298dc635gryzor * Alternately, this acknowledgment may appear in the software itself,
0066eddda7203f6345b56f77d146a759298dc635gryzor * if and wherever such third-party acknowledgments normally appear.
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * 4. The names "Apache" and "Apache Software Foundation" must
0066eddda7203f6345b56f77d146a759298dc635gryzor * not be used to endorse or promote products derived from this
0066eddda7203f6345b56f77d146a759298dc635gryzor * software without prior written permission. For written
0066eddda7203f6345b56f77d146a759298dc635gryzor * permission, please contact apache@apache.org.
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * 5. Products derived from this software may not be called "Apache",
0066eddda7203f6345b56f77d146a759298dc635gryzor * nor may "Apache" appear in their name, without prior written
0066eddda7203f6345b56f77d146a759298dc635gryzor * permission of the Apache Software Foundation.
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
0066eddda7203f6345b56f77d146a759298dc635gryzor * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
0066eddda7203f6345b56f77d146a759298dc635gryzor * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
0066eddda7203f6345b56f77d146a759298dc635gryzor * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
0066eddda7203f6345b56f77d146a759298dc635gryzor * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
0066eddda7203f6345b56f77d146a759298dc635gryzor * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
0066eddda7203f6345b56f77d146a759298dc635gryzor * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
0066eddda7203f6345b56f77d146a759298dc635gryzor * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
0066eddda7203f6345b56f77d146a759298dc635gryzor * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
0066eddda7203f6345b56f77d146a759298dc635gryzor * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
0066eddda7203f6345b56f77d146a759298dc635gryzor * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
0066eddda7203f6345b56f77d146a759298dc635gryzor * SUCH DAMAGE.
a025329610d2b832bb62bc34dd328985e14e8718lgentis * ====================================================================
0066eddda7203f6345b56f77d146a759298dc635gryzor *
0066eddda7203f6345b56f77d146a759298dc635gryzor * This software consists of voluntary contributions made by many
9f47982d4f9350397f1f62f04f1ba744ad5b6fa5lgentis * individuals on behalf of the Apache Software Foundation. For more
9f47982d4f9350397f1f62f04f1ba744ad5b6fa5lgentis * information on the Apache Software Foundation, please see
0066eddda7203f6345b56f77d146a759298dc635gryzor * <http://www.apache.org/>.
0066eddda7203f6345b56f77d146a759298dc635gryzor */
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/*
0066eddda7203f6345b56f77d146a759298dc635gryzor** DAV extension module for Apache 2.0.*
0066eddda7203f6345b56f77d146a759298dc635gryzor** - various utilities, repository-independent
0066eddda7203f6345b56f77d146a759298dc635gryzor*/
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "apr_strings.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "apr_lib.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor#define APR_WANT_STRFUNC
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "apr_want.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "mod_dav.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "http_request.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "http_config.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "http_vhost.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "http_log.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor#include "http_protocol.h"
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzorDAV_DECLARE(dav_error*) dav_new_error(apr_pool_t *p, int status,
0066eddda7203f6345b56f77d146a759298dc635gryzor int error_id, const char *desc)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor int save_errno = errno;
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_error *err = apr_pcalloc(p, sizeof(*err));
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor /* DBG3("dav_new_error: %d %d %s", status, error_id, desc ? desc : "(no desc)"); */
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor err->status = status;
0066eddda7203f6345b56f77d146a759298dc635gryzor err->error_id = error_id;
0066eddda7203f6345b56f77d146a759298dc635gryzor err->desc = desc;
0066eddda7203f6345b56f77d146a759298dc635gryzor err->save_errno = save_errno;
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor return err;
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzorDAV_DECLARE(dav_error*) dav_push_error(apr_pool_t *p, int status,
0066eddda7203f6345b56f77d146a759298dc635gryzor int error_id, const char *desc,
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_error *prev)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_error *err = apr_pcalloc(p, sizeof(*err));
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor err->status = status;
0066eddda7203f6345b56f77d146a759298dc635gryzor err->error_id = error_id;
0066eddda7203f6345b56f77d146a759298dc635gryzor err->desc = desc;
0066eddda7203f6345b56f77d146a759298dc635gryzor err->prev = prev;
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor return err;
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
a025329610d2b832bb62bc34dd328985e14e8718lgentisDAV_DECLARE(void) dav_check_bufsize(apr_pool_t * p, dav_buffer *pbuf,
0066eddda7203f6345b56f77d146a759298dc635gryzor apr_size_t extra_needed)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor /* grow the buffer if necessary */
0066eddda7203f6345b56f77d146a759298dc635gryzor if (pbuf->cur_len + extra_needed > pbuf->alloc_len) {
0066eddda7203f6345b56f77d146a759298dc635gryzor char *newbuf;
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor pbuf->alloc_len += extra_needed + DAV_BUFFER_PAD;
0066eddda7203f6345b56f77d146a759298dc635gryzor newbuf = apr_palloc(p, pbuf->alloc_len);
0066eddda7203f6345b56f77d146a759298dc635gryzor memcpy(newbuf, pbuf->buf, pbuf->cur_len);
0066eddda7203f6345b56f77d146a759298dc635gryzor pbuf->buf = newbuf;
a025329610d2b832bb62bc34dd328985e14e8718lgentis }
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzorDAV_DECLARE(void) dav_set_bufsize(apr_pool_t * p, dav_buffer *pbuf,
0066eddda7203f6345b56f77d146a759298dc635gryzor apr_size_t size)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor /* NOTE: this does not retain prior contents */
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor /* NOTE: this function is used to init the first pointer, too, since
0066eddda7203f6345b56f77d146a759298dc635gryzor the PAD will be larger than alloc_len (0) for zeroed structures */
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor /* grow if we don't have enough for the requested size plus padding */
a025329610d2b832bb62bc34dd328985e14e8718lgentis if (size + DAV_BUFFER_PAD > pbuf->alloc_len) {
0066eddda7203f6345b56f77d146a759298dc635gryzor /* set the new length; min of MINSIZE */
0066eddda7203f6345b56f77d146a759298dc635gryzor pbuf->alloc_len = size + DAV_BUFFER_PAD;
0066eddda7203f6345b56f77d146a759298dc635gryzor if (pbuf->alloc_len < DAV_BUFFER_MINSIZE)
0066eddda7203f6345b56f77d146a759298dc635gryzor pbuf->alloc_len = DAV_BUFFER_MINSIZE;
a025329610d2b832bb62bc34dd328985e14e8718lgentis
a025329610d2b832bb62bc34dd328985e14e8718lgentis pbuf->buf = apr_palloc(p, pbuf->alloc_len);
0066eddda7203f6345b56f77d146a759298dc635gryzor }
0066eddda7203f6345b56f77d146a759298dc635gryzor pbuf->cur_len = size;
a025329610d2b832bb62bc34dd328985e14e8718lgentis}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/* initialize a buffer and copy the specified (null-term'd) string into it */
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentisDAV_DECLARE(void) dav_buffer_init(apr_pool_t *p, dav_buffer *pbuf,
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis const char *str)
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis{
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_set_bufsize(p, pbuf, strlen(str));
0066eddda7203f6345b56f77d146a759298dc635gryzor memcpy(pbuf->buf, str, pbuf->cur_len + 1);
0066eddda7203f6345b56f77d146a759298dc635gryzor}
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis/* append a string to the end of the buffer, adjust length */
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentisDAV_DECLARE(void) dav_buffer_append(apr_pool_t *p, dav_buffer *pbuf,
0066eddda7203f6345b56f77d146a759298dc635gryzor const char *str)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor size_t len = strlen(str);
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_check_bufsize(p, pbuf, len + 1);
0066eddda7203f6345b56f77d146a759298dc635gryzor memcpy(pbuf->buf + pbuf->cur_len, str, len + 1);
0066eddda7203f6345b56f77d146a759298dc635gryzor pbuf->cur_len += len;
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/* place a string on the end of the buffer, do NOT adjust length */
0066eddda7203f6345b56f77d146a759298dc635gryzorDAV_DECLARE(void) dav_buffer_place(apr_pool_t *p, dav_buffer *pbuf,
0066eddda7203f6345b56f77d146a759298dc635gryzor const char *str)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
a025329610d2b832bb62bc34dd328985e14e8718lgentis size_t len = strlen(str);
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_check_bufsize(p, pbuf, len + 1);
0066eddda7203f6345b56f77d146a759298dc635gryzor memcpy(pbuf->buf + pbuf->cur_len, str, len + 1);
a025329610d2b832bb62bc34dd328985e14e8718lgentis}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/* place some memory on the end of a buffer; do NOT adjust length */
0066eddda7203f6345b56f77d146a759298dc635gryzorDAV_DECLARE(void) dav_buffer_place_mem(apr_pool_t *p, dav_buffer *pbuf,
0066eddda7203f6345b56f77d146a759298dc635gryzor const void *mem, apr_size_t amt,
0066eddda7203f6345b56f77d146a759298dc635gryzor apr_size_t pad)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis dav_check_bufsize(p, pbuf, amt + pad);
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh memcpy(pbuf->buf + pbuf->cur_len, mem, amt);
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh}
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis/*
0066eddda7203f6345b56f77d146a759298dc635gryzor** dav_lookup_uri()
0066eddda7203f6345b56f77d146a759298dc635gryzor**
0066eddda7203f6345b56f77d146a759298dc635gryzor** Extension for ap_sub_req_lookup_uri() which can't handle absolute
0066eddda7203f6345b56f77d146a759298dc635gryzor** URIs properly.
0066eddda7203f6345b56f77d146a759298dc635gryzor**
0066eddda7203f6345b56f77d146a759298dc635gryzor** If NULL is returned, then an error occurred with parsing the URI or
0066eddda7203f6345b56f77d146a759298dc635gryzor** the URI does not match the current server.
0066eddda7203f6345b56f77d146a759298dc635gryzor*/
0066eddda7203f6345b56f77d146a759298dc635gryzordav_lookup_result dav_lookup_uri(const char *uri, request_rec * r)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor dav_lookup_result result = { 0 };
0066eddda7203f6345b56f77d146a759298dc635gryzor const char *scheme;
a025329610d2b832bb62bc34dd328985e14e8718lgentis apr_port_t port;
0066eddda7203f6345b56f77d146a759298dc635gryzor uri_components comp;
0066eddda7203f6345b56f77d146a759298dc635gryzor char *new_file;
0066eddda7203f6345b56f77d146a759298dc635gryzor const char *domain;
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor /* first thing to do is parse the URI into various components */
0066eddda7203f6345b56f77d146a759298dc635gryzor if (ap_parse_uri_components(r->pool, uri, &comp) != HTTP_OK) {
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.status = HTTP_BAD_REQUEST;
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.desc = "Invalid syntax in Destination URI.";
0066eddda7203f6345b56f77d146a759298dc635gryzor return result;
0066eddda7203f6345b56f77d146a759298dc635gryzor }
a025329610d2b832bb62bc34dd328985e14e8718lgentis
0066eddda7203f6345b56f77d146a759298dc635gryzor /* the URI must be an absoluteURI (WEBDAV S9.3) */
0066eddda7203f6345b56f77d146a759298dc635gryzor if (comp.scheme == NULL) {
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.status = HTTP_BAD_REQUEST;
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis result.err.desc = "Destination URI must be an absolute URI.";
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh return result;
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis }
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis
0066eddda7203f6345b56f77d146a759298dc635gryzor /* ### not sure this works if the current request came in via https: */
0066eddda7203f6345b56f77d146a759298dc635gryzor scheme = r->parsed_uri.scheme;
0066eddda7203f6345b56f77d146a759298dc635gryzor if (scheme == NULL)
d28e54f867ab1292ce75324d90680396c1d5f47dlgentis scheme = ap_http_method(r);
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis /* now, verify that the URI uses the same scheme as the current request.
0066eddda7203f6345b56f77d146a759298dc635gryzor the port, must match our port.
d28e54f867ab1292ce75324d90680396c1d5f47dlgentis the URI must not have a query (args) or a fragment
0066eddda7203f6345b56f77d146a759298dc635gryzor */
0066eddda7203f6345b56f77d146a759298dc635gryzor apr_sockaddr_port_get(&port, r->connection->local_addr);
0066eddda7203f6345b56f77d146a759298dc635gryzor if (strcasecmp(comp.scheme, scheme) != 0 ||
0066eddda7203f6345b56f77d146a759298dc635gryzor comp.port != port) {
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.status = HTTP_BAD_GATEWAY;
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.desc = apr_psprintf(r->pool,
0066eddda7203f6345b56f77d146a759298dc635gryzor "Destination URI refers to different "
0066eddda7203f6345b56f77d146a759298dc635gryzor "scheme or port (%s://hostname:%d)"
0066eddda7203f6345b56f77d146a759298dc635gryzor APR_EOL_STR "(want: %s://hostname:%d)",
0066eddda7203f6345b56f77d146a759298dc635gryzor comp.scheme ? comp.scheme : scheme,
0066eddda7203f6345b56f77d146a759298dc635gryzor comp.port ? comp.port : port,
0066eddda7203f6345b56f77d146a759298dc635gryzor scheme, port);
a025329610d2b832bb62bc34dd328985e14e8718lgentis return result;
0066eddda7203f6345b56f77d146a759298dc635gryzor }
0066eddda7203f6345b56f77d146a759298dc635gryzor if (comp.query != NULL || comp.fragment != NULL) {
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.status = HTTP_BAD_REQUEST;
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.desc =
a025329610d2b832bb62bc34dd328985e14e8718lgentis "Destination URI contains invalid components "
0066eddda7203f6345b56f77d146a759298dc635gryzor "(a query or a fragment).";
a025329610d2b832bb62bc34dd328985e14e8718lgentis return result;
0066eddda7203f6345b56f77d146a759298dc635gryzor }
0066eddda7203f6345b56f77d146a759298dc635gryzor
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh /* we have verified the scheme, port, and general structure */
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh /*
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis ** Hrm. IE5 will pass unqualified hostnames for both the
0066eddda7203f6345b56f77d146a759298dc635gryzor ** Host: and Destination: headers. This breaks the
0066eddda7203f6345b56f77d146a759298dc635gryzor ** http_vhost.c::matches_aliases function.
0066eddda7203f6345b56f77d146a759298dc635gryzor **
0066eddda7203f6345b56f77d146a759298dc635gryzor ** For now, qualify unqualified comp.hostnames with
0066eddda7203f6345b56f77d146a759298dc635gryzor ** r->server->server_hostname.
0066eddda7203f6345b56f77d146a759298dc635gryzor **
0066eddda7203f6345b56f77d146a759298dc635gryzor ** ### this is a big hack. Apache should provide a better way.
0066eddda7203f6345b56f77d146a759298dc635gryzor ** ### maybe the admin should list the unqualified hosts in a
0066eddda7203f6345b56f77d146a759298dc635gryzor ** ### <ServerAlias> block?
0066eddda7203f6345b56f77d146a759298dc635gryzor */
0066eddda7203f6345b56f77d146a759298dc635gryzor if (strrchr(comp.hostname, '.') == NULL &&
0066eddda7203f6345b56f77d146a759298dc635gryzor (domain = strchr(r->server->server_hostname, '.')) != NULL) {
0066eddda7203f6345b56f77d146a759298dc635gryzor comp.hostname = apr_pstrcat(r->pool, comp.hostname, domain, NULL);
a025329610d2b832bb62bc34dd328985e14e8718lgentis }
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor /* now, if a hostname was provided, then verify that it represents the
0066eddda7203f6345b56f77d146a759298dc635gryzor same server as the current connection. note that we just use our
a025329610d2b832bb62bc34dd328985e14e8718lgentis port, since we've verified the URI matches ours */
0066eddda7203f6345b56f77d146a759298dc635gryzor if (comp.hostname != NULL &&
0066eddda7203f6345b56f77d146a759298dc635gryzor !ap_matches_request_vhost(r, comp.hostname, port)) {
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.status = HTTP_BAD_GATEWAY;
0066eddda7203f6345b56f77d146a759298dc635gryzor result.err.desc = "Destination URI refers to a different server.";
0066eddda7203f6345b56f77d146a759298dc635gryzor return result;
a025329610d2b832bb62bc34dd328985e14e8718lgentis }
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor /* we have verified that the requested URI denotes the same server as
0066eddda7203f6345b56f77d146a759298dc635gryzor the current request. Therefore, we can use ap_sub_req_lookup_uri() */
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh /* reconstruct a URI as just the path */
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh new_file = ap_unparse_uri_components(r->pool, &comp, UNP_OMITSITEPART);
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh /*
0066eddda7203f6345b56f77d146a759298dc635gryzor * Lookup the URI and return the sub-request. Note that we use the
0066eddda7203f6345b56f77d146a759298dc635gryzor * same HTTP method on the destination. This allows the destination
0066eddda7203f6345b56f77d146a759298dc635gryzor * to apply appropriate restrictions (e.g. readonly).
0066eddda7203f6345b56f77d146a759298dc635gryzor */
0066eddda7203f6345b56f77d146a759298dc635gryzor result.rnew = ap_sub_req_method_uri(r->method, new_file, r, NULL);
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor return result;
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/* ---------------------------------------------------------------
0066eddda7203f6345b56f77d146a759298dc635gryzor**
0066eddda7203f6345b56f77d146a759298dc635gryzor** XML UTILITY FUNCTIONS
a025329610d2b832bb62bc34dd328985e14e8718lgentis*/
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/* validate that the root element uses a given DAV: tagname (TRUE==valid) */
0066eddda7203f6345b56f77d146a759298dc635gryzorint dav_validate_root(const ap_xml_doc *doc, const char *tagname)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor return doc->root &&
0066eddda7203f6345b56f77d146a759298dc635gryzor doc->root->ns == AP_XML_NS_DAV_ID &&
0066eddda7203f6345b56f77d146a759298dc635gryzor strcmp(doc->root->name, tagname) == 0;
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
a025329610d2b832bb62bc34dd328985e14e8718lgentis/* find and return the (unique) child with a given DAV: tagname */
0066eddda7203f6345b56f77d146a759298dc635gryzorap_xml_elem *dav_find_child(const ap_xml_elem *elem, const char *tagname)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor ap_xml_elem *child = elem->first_child;
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh for (; child; child = child->next)
784fd1e5958e08cf05cd929c6e6b117b06adc2cflgentis if (child->ns == AP_XML_NS_DAV_ID && !strcmp(child->name, tagname))
70d39834fda98ce22bd29dc44c5fae5c9abe3a06humbedooh return child;
0066eddda7203f6345b56f77d146a759298dc635gryzor return NULL;
0066eddda7203f6345b56f77d146a759298dc635gryzor}
0066eddda7203f6345b56f77d146a759298dc635gryzor
0066eddda7203f6345b56f77d146a759298dc635gryzor/* gather up all the CDATA into a single string */
0066eddda7203f6345b56f77d146a759298dc635gryzorconst char *dav_xml_get_cdata(const ap_xml_elem *elem, apr_pool_t *pool,
0066eddda7203f6345b56f77d146a759298dc635gryzor int strip_white)
0066eddda7203f6345b56f77d146a759298dc635gryzor{
0066eddda7203f6345b56f77d146a759298dc635gryzor apr_size_t len = 0;
0066eddda7203f6345b56f77d146a759298dc635gryzor ap_text *scan;
0066eddda7203f6345b56f77d146a759298dc635gryzor const ap_xml_elem *child;
0066eddda7203f6345b56f77d146a759298dc635gryzor char *cdata;
0066eddda7203f6345b56f77d146a759298dc635gryzor char *s;
apr_size_t tlen;
for (scan = elem->first_cdata.first; scan != NULL; scan = scan->next)
len += strlen(scan->text);
for (child = elem->first_child; child != NULL; child = child->next) {
for (scan = child->following_cdata.first;
scan != NULL;
scan = scan->next)
len += strlen(scan->text);
}
cdata = s = apr_palloc(pool, len + 1);
for (scan = elem->first_cdata.first; scan != NULL; scan = scan->next) {
tlen = strlen(scan->text);
memcpy(s, scan->text, tlen);
s += tlen;
}
for (child = elem->first_child; child != NULL; child = child->next) {
for (scan = child->following_cdata.first;
scan != NULL;
scan = scan->next) {
tlen = strlen(scan->text);
memcpy(s, scan->text, tlen);
s += tlen;
}
}
*s = '\0';
if (strip_white && len > 0) {
/* trim leading whitespace */
while (apr_isspace(*cdata)) /* assume: return false for '\0' */
++cdata;
/* trim trailing whitespace */
while (len-- > 0 && apr_isspace(cdata[len]))
continue;
cdata[len + 1] = '\0';
}
return cdata;
}
/* ---------------------------------------------------------------
**
** Timeout header processing
**
*/
/* dav_get_timeout: If the Timeout: header exists, return a time_t
* when this lock is expected to expire. Otherwise, return
* a time_t of DAV_TIMEOUT_INFINITE.
*
* It's unclear if DAV clients are required to understand
* Seconds-xxx and Infinity time values. We assume that they do.
* In addition, for now, that's all we understand, too.
*/
time_t dav_get_timeout(request_rec *r)
{
time_t now, expires = DAV_TIMEOUT_INFINITE;
const char *timeout_const = apr_table_get(r->headers_in, "Timeout");
const char *timeout = apr_pstrdup(r->pool, timeout_const), *val;
if (timeout == NULL)
return DAV_TIMEOUT_INFINITE;
/* Use the first thing we understand, or infinity if
* we don't understand anything.
*/
while ((val = ap_getword_white(r->pool, &timeout)) && strlen(val)) {
if (!strncmp(val, "Infinite", 8)) {
return DAV_TIMEOUT_INFINITE;
}
if (!strncmp(val, "Second-", 7)) {
val += 7;
/* ### We need to handle overflow better:
* ### timeout will be <= 2^32 - 1
*/
expires = atol(val);
now = time(NULL);
return now + expires;
}
}
return DAV_TIMEOUT_INFINITE;
}
/* ---------------------------------------------------------------
**
** If Header processing
**
*/
/* add_if_resource returns a new if_header, linking it to next_ih.
*/
static dav_if_header *dav_add_if_resource(apr_pool_t *p, dav_if_header *next_ih,
const char *uri, size_t uri_len)
{
dav_if_header *ih;
if ((ih = apr_pcalloc(p, sizeof(*ih))) == NULL)
return NULL;
ih->uri = uri;
ih->uri_len = uri_len;
ih->next = next_ih;
return ih;
}
/* add_if_state adds a condition to an if_header.
*/
static dav_error * dav_add_if_state(apr_pool_t *p, dav_if_header *ih,
const char *state_token,
dav_if_state_type t, int condition,
const dav_hooks_locks *locks_hooks)
{
dav_if_state_list *new_sl;
new_sl = apr_pcalloc(p, sizeof(*new_sl));
new_sl->condition = condition;
new_sl->type = t;
if (t == dav_if_opaquelock) {
dav_error *err;
if ((err = (*locks_hooks->parse_locktoken)(p, state_token,
&new_sl->locktoken)) != NULL) {
/* ### maybe add a higher-level description */
return err;
}
}
else
new_sl->etag = state_token;
new_sl->next = ih->state;
ih->state = new_sl;
return NULL;
}
/* fetch_next_token returns the substring from str+1
* to the next occurence of char term, or \0, whichever
* occurs first. Leading whitespace is ignored.
*/
static char *dav_fetch_next_token(char **str, char term)
{
char *sp;
char *token;
token = *str + 1;
while (*token && (*token == ' ' || *token == '\t'))
token++;
if ((sp = strchr(token, term)) == NULL)
return NULL;
*sp = '\0';
*str = sp;
return token;
}
/* dav_process_if_header:
*
* If NULL (no error) is returned, then **if_header points to the
* "If" productions structure (or NULL if "If" is not present).
*
* ### this part is bogus:
* If an error is encountered, the error is logged. Parent should
* return err->status.
*/
static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih)
{
dav_error *err;
char *str;
char *list;
const char *state_token;
const char *uri = NULL; /* scope of current production; NULL=no-tag */
size_t uri_len = 0;
dav_if_header *ih = NULL;
uri_components parsed_uri;
const dav_hooks_locks *locks_hooks = DAV_GET_HOOKS_LOCKS(r);
enum {no_tagged, tagged, unknown} list_type = unknown;
int condition;
*p_ih = NULL;
if ((str = apr_pstrdup(r->pool, apr_table_get(r->headers_in, "If"))) == NULL)
return NULL;
while (*str) {
switch(*str) {
case '<':
/* Tagged-list production - following states apply to this uri */
if (list_type == no_tagged
|| ((uri = dav_fetch_next_token(&str, '>')) == NULL)) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_TAGGED,
"Invalid If-header: unclosed \"<\" or "
"unexpected tagged-list production.");
}
/* 2518 specifies this must be an absolute URI; just take the
* relative part for later comparison against r->uri */
if (ap_parse_uri_components(r->pool, uri, &parsed_uri) != HTTP_OK) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_TAGGED,
"Invalid URI in tagged If-header.");
}
/* note that parsed_uri.path is allocated; we can trash it */
/* clean up the URI a bit */
ap_getparents(parsed_uri.path);
uri_len = strlen(parsed_uri.path);
if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/')
parsed_uri.path[--uri_len] = '\0';
uri = parsed_uri.path;
list_type = tagged;
break;
case '(':
/* List production */
/* If a uri has not been encountered, this is a No-Tagged-List */
if (list_type == unknown)
list_type = no_tagged;
if ((list = dav_fetch_next_token(&str, ')')) == NULL) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_UNCLOSED_PAREN,
"Invalid If-header: unclosed \"(\".");
}
if ((ih = dav_add_if_resource(r->pool, ih, uri, uri_len)) == NULL) {
/* ### dav_add_if_resource() should return an error for us! */
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_PARSE,
"Internal server error parsing \"If:\" "
"header.");
}
condition = DAV_IF_COND_NORMAL;
while (*list) {
/* List is the entire production (in a uri scope) */
switch (*list) {
case '<':
if ((state_token = dav_fetch_next_token(&list, '>')) == NULL) {
/* ### add a description to this error */
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_PARSE, NULL);
}
if ((err = dav_add_if_state(r->pool, ih, state_token, dav_if_opaquelock,
condition, locks_hooks)) != NULL) {
/* ### maybe add a higher level description */
return err;
}
condition = DAV_IF_COND_NORMAL;
break;
case '[':
if ((state_token = dav_fetch_next_token(&list, ']')) == NULL) {
/* ### add a description to this error */
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_PARSE, NULL);
}
if ((err = dav_add_if_state(r->pool, ih, state_token, dav_if_etag,
condition, locks_hooks)) != NULL) {
/* ### maybe add a higher level description */
return err;
}
condition = DAV_IF_COND_NORMAL;
break;
case 'N':
if (list[1] == 'o' && list[2] == 't') {
if (condition != DAV_IF_COND_NORMAL) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_MULTIPLE_NOT,
"Invalid \"If:\" header: "
"Multiple \"not\" entries "
"for the same state.");
}
condition = DAV_IF_COND_NOT;
}
list += 2;
break;
case ' ':
case '\t':
break;
default:
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_UNK_CHAR,
apr_psprintf(r->pool,
"Invalid \"If:\" "
"header: Unexpected "
"character encountered "
"(0x%02x, '%c').",
*list, *list));
}
list++;
}
break;
case ' ':
case '\t':
break;
default:
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_UNK_CHAR,
apr_psprintf(r->pool,
"Invalid \"If:\" header: "
"Unexpected character "
"encountered (0x%02x, '%c').",
*str, *str));
}
str++;
}
*p_ih = ih;
return NULL;
}
static int dav_find_submitted_locktoken(const dav_if_header *if_header,
const dav_lock *lock_list,
const dav_hooks_locks *locks_hooks)
{
for (; if_header != NULL; if_header = if_header->next) {
const dav_if_state_list *state_list;
for (state_list = if_header->state;
state_list != NULL;
state_list = state_list->next) {
if (state_list->type == dav_if_opaquelock) {
const dav_lock *lock;
/* given state_list->locktoken, match it */
/*
** The resource will have one or more lock tokens. We only
** need to match one of them against any token in the
** If: header.
**
** One token case: It is an exclusive or shared lock. Either
** way, we must find it.
**
** N token case: They are shared locks. By policy, we need
** to match only one. The resource's other
** tokens may belong to somebody else (so we
** shouldn't see them in the If: header anyway)
*/
for (lock = lock_list; lock != NULL; lock = lock->next) {
if (!(*locks_hooks->compare_locktoken)(state_list->locktoken, lock->locktoken)) {
return 1;
}
}
}
}
}
return 0;
}
/* dav_validate_resource_state:
* Returns NULL if path/uri meets if-header and lock requirements
*/
static dav_error * dav_validate_resource_state(apr_pool_t *p,
const dav_resource *resource,
dav_lockdb *lockdb,
const dav_if_header *if_header,
int flags,
dav_buffer *pbuf,
request_rec *r)
{
dav_error *err;
const char *uri;
const char *etag;
const dav_hooks_locks *locks_hooks = (lockdb ? lockdb->hooks : NULL);
const dav_if_header *ifhdr_scan;
dav_if_state_list *state_list;
dav_lock *lock_list;
dav_lock *lock;
int num_matched;
int num_that_apply;
int seen_locktoken;
apr_size_t uri_len;
const char *reason = NULL;
/* DBG1("validate: <%s>", resource->uri); */
/*
** The resource will have one of three states:
**
** 1) No locks. We have no special requirements that the user supply
** specific locktokens. One of the state lists must match, and
** we're done.
**
** 2) One exclusive lock. The locktoken must appear *anywhere* in the
** If: header. Of course, asserting the token in a "Not" term will
** quickly fail that state list :-). If the locktoken appears in
** one of the state lists *and* one state list matches, then we're
** done.
**
** 3) One or more shared locks. One of the locktokens must appear
** *anywhere* in the If: header. If one of the locktokens appears,
** and we match one state list, then we are done.
**
** The <seen_locktoken> variable determines whether we have seen one
** of this resource's locktokens in the If: header.
*/
/*
** If this is a new lock request, <flags> will contain the requested
** lock scope. Three rules apply:
**
** 1) Do not require a (shared) locktoken to be seen (when we are
** applying another shared lock)
** 2) If the scope is exclusive and we see any locks, fail.
** 3) If the scope is shared and we see an exclusive lock, fail.
*/
if (lockdb == NULL) {
/* we're in State 1. no locks. */
lock_list = NULL;
}
else {
/*
** ### hrm... we don't need to have these fully
** ### resolved since we're only looking at the
** ### locktokens...
**
** ### use get_locks w/ calltype=PARTIAL
*/
if ((err = dav_lock_query(lockdb, resource, &lock_list)) != NULL) {
return dav_push_error(p,
HTTP_INTERNAL_SERVER_ERROR, 0,
"The locks could not be queried for "
"verification against a possible \"If:\" "
"header.",
err);
}
/* lock_list now determines whether we're in State 1, 2, or 3. */
}
/*
** For a new, exclusive lock: if any locks exist, fail.
** For a new, shared lock: if an exclusive lock exists, fail.
** else, do not require a token to be seen.
*/
if (flags & DAV_LOCKSCOPE_EXCLUSIVE) {
if (lock_list != NULL) {
return dav_new_error(p, HTTP_LOCKED, 0,
"Existing lock(s) on the requested resource "
"prevent an exclusive lock.");
}
/*
** There are no locks, so we can pretend that we've already met
** any requirement to find the resource's locks in an If: header.
*/
seen_locktoken = 1;
}
else if (flags & DAV_LOCKSCOPE_SHARED) {
/*
** Strictly speaking, we don't need this loop. Either the first
** (and only) lock will be EXCLUSIVE, or none of them will be.
*/
for (lock = lock_list; lock != NULL; lock = lock->next) {
if (lock->scope == DAV_LOCKSCOPE_EXCLUSIVE) {
return dav_new_error(p, HTTP_LOCKED, 0,
"The requested resource is already "
"locked exclusively.");
}
}
/*
** The locks on the resource (if any) are all shared. Set the
** <seen_locktoken> flag to indicate that we do not need to find
** the locks in an If: header.
*/
seen_locktoken = 1;
}
else {
/*
** For methods other than LOCK:
**
** If we have no locks, then <seen_locktoken> can be set to true --
** pretending that we've already met the requirement of seeing one
** of the resource's locks in the If: header.
**
** Otherwise, it must be cleared and we'll look for one.
*/
seen_locktoken = (lock_list == NULL);
}
/*
** If there is no If: header, then we can shortcut some logic:
**
** 1) if we do not need to find a locktoken in the (non-existent) If:
** header, then we are successful.
**
** 2) if we must find a locktoken in the (non-existent) If: header, then
** we fail.
*/
if (if_header == NULL) {
if (seen_locktoken)
return NULL;
return dav_new_error(p, HTTP_LOCKED, 0,
"This resource is locked and an \"If:\" header "
"was not supplied to allow access to the "
"resource.");
}
/* the If: header is present */
/*
** If a dummy header is present (because of a Lock-Token: header), then
** we are required to find that token in this resource's set of locks.
** If we have no locks, then we immediately fail.
**
** This is a 400 (Bad Request) since they should only submit a locktoken
** that actually exists.
**
** Don't issue this response if we're talking about the parent resource.
** It is okay for that resource to NOT have this locktoken.
** (in fact, it certainly will not: a dummy_header only occurs for the
** UNLOCK method, the parent is checked only for locknull resources,
** and the parent certainly does not have the (locknull's) locktoken)
*/
if (lock_list == NULL && if_header->dummy_header) {
if (flags & DAV_VALIDATE_IS_PARENT)
return NULL;
return dav_new_error(p, HTTP_BAD_REQUEST, 0,
"The locktoken specified in the \"Lock-Token:\" "
"header is invalid because this resource has no "
"outstanding locks.");
}
/*
** Prepare the input URI. We want the URI to never have a trailing slash.
**
** When URIs are placed into the dav_if_header structure, they are
** guaranteed to never have a trailing slash. If the URIs are equivalent,
** then it doesn't matter if they both lack a trailing slash -- they're
** still equivalent.
**
** Note: we could also ensure that a trailing slash is present on both
** URIs, but the majority of URIs provided to us via a resource walk
** will not contain that trailing slash.
*/
uri = resource->uri;
uri_len = strlen(uri);
if (uri[uri_len - 1] == '/') {
dav_set_bufsize(p, pbuf, uri_len);
memcpy(pbuf->buf, uri, uri_len);
pbuf->buf[--uri_len] = '\0';
uri = pbuf->buf;
}
/* get the resource's etag; we may need it during the checks */
etag = (*resource->hooks->getetag)(resource);
/* how many state_lists apply to this URI? */
num_that_apply = 0;
/* If there are if-headers, fail if this resource
* does not match at least one state_list.
*/
for (ifhdr_scan = if_header;
ifhdr_scan != NULL;
ifhdr_scan = ifhdr_scan->next) {
/* DBG2("uri=<%s> if_uri=<%s>", uri, ifhdr_scan->uri ? ifhdr_scan->uri : "(no uri)"); */
if (ifhdr_scan->uri != NULL
&& (uri_len != ifhdr_scan->uri_len
|| memcmp(uri, ifhdr_scan->uri, uri_len) != 0)) {
/*
** A tagged-list's URI doesn't match this resource's URI.
** Skip to the next state_list to see if it will match.
*/
continue;
}
/* this state_list applies to this resource */
/*
** ### only one state_list should ever apply! a no-tag, or a tagged
** ### where S9.4.2 states only one can match.
**
** ### revamp this code to loop thru ifhdr_scan until we find the
** ### matching state_list. process it. stop.
*/
++num_that_apply;
/* To succeed, resource must match *all* of the states
* specified in the state_list.
*/
for (state_list = ifhdr_scan->state;
state_list != NULL;
state_list = state_list->next) {
switch(state_list->type) {
case dav_if_etag:
{
int mismatch = strcmp(state_list->etag, etag);
if (state_list->condition == DAV_IF_COND_NORMAL && mismatch) {
/*
** The specified entity-tag does not match the
** entity-tag on the resource. This state_list is
** not going to match. Bust outta here.
*/
reason =
"an entity-tag was specified, but the resource's "
"actual ETag does not match.";
goto state_list_failed;
}
else if (state_list->condition == DAV_IF_COND_NOT
&& !mismatch) {
/*
** The specified entity-tag DOES match the
** entity-tag on the resource. This state_list is
** not going to match. Bust outta here.
*/
reason =
"an entity-tag was specified using the \"Not\" form, "
"but the resource's actual ETag matches the provided "
"entity-tag.";
goto state_list_failed;
}
break;
}
case dav_if_opaquelock:
if (lockdb == NULL) {
if (state_list->condition == DAV_IF_COND_NOT) {
/* the locktoken is definitely not there! (success) */
continue;
}
/* condition == DAV_IF_COND_NORMAL */
/*
** If no lockdb is provided, then validation fails for
** this state_list (NORMAL means we were supposed to
** find the token, which we obviously cannot do without
** a lock database).
**
** Go and try the next state list.
*/
reason =
"a State-token was supplied, but a lock database "
"is not available for to provide the required lock.";
goto state_list_failed;
}
/* Resource validation 'fails' if:
* ANY of the lock->locktokens match
* a NOT state_list->locktoken,
* OR
* NONE of the lock->locktokens match
* a NORMAL state_list->locktoken.
*/
num_matched = 0;
for (lock = lock_list; lock != NULL; lock = lock->next) {
/*
DBG2("compare: rsrc=%s ifhdr=%s",
(*locks_hooks->format_locktoken)(p, lock->locktoken),
(*locks_hooks->format_locktoken)(p, state_list->locktoken));
*/
/* nothing to do if the locktokens do not match. */
if ((*locks_hooks->compare_locktoken)(state_list->locktoken, lock->locktoken)) {
continue;
}
/*
** We have now matched up one of the resource's locktokens
** to a locktoken in a State-token in the If: header.
** Note this fact, so that we can pass the overall
** requirement of seeing at least one of the resource's
** locktokens.
*/
seen_locktoken = 1;
if (state_list->condition == DAV_IF_COND_NOT) {
/*
** This state requires that the specified locktoken
** is NOT present on the resource. But we just found
** it. There is no way this state-list can now
** succeed, so go try another one.
*/
reason =
"a State-token was supplied, which used a "
"\"Not\" condition. The State-token was found "
"in the locks on this resource";
goto state_list_failed;
}
/* condition == DAV_IF_COND_NORMAL */
/* Validate auth_user: If an authenticated user created
** the lock, only the same user may submit that locktoken
** to manipulate a resource.
*/
if (lock->auth_user &&
(!r->user ||
strcmp(lock->auth_user, r->user))) {
const char *errmsg;
errmsg = apr_pstrcat(p, "User \"",
r->user,
"\" submitted a locktoken created "
"by user \"",
lock->auth_user, "\".", NULL);
return dav_new_error(p, HTTP_UNAUTHORIZED, 0, errmsg);
}
/*
** We just matched a specified State-Token to one of the
** resource's locktokens.
**
** Break out of the lock scan -- we only needed to find
** one match (actually, there shouldn't be any other
** matches in the lock list).
*/
num_matched = 1;
break;
}
if (num_matched == 0
&& state_list->condition == DAV_IF_COND_NORMAL) {
/*
** We had a NORMAL state, meaning that we should have
** found the State-Token within the locks on this
** resource. We didn't, so this state_list must fail.
*/
reason =
"a State-token was supplied, but it was not found "
"in the locks on this resource.";
goto state_list_failed;
}
break;
} /* switch */
} /* foreach ( state_list ) */
/*
** We've checked every state in this state_list and none of them
** have failed. Since all of them succeeded, then we have a matching
** state list and we may be done.
**
** The next requirement is that we have seen one of the resource's
** locktokens (if any). If we have, then we can just exit. If we
** haven't, then we need to keep looking.
*/
if (seen_locktoken) {
/* woo hoo! */
return NULL;
}
/*
** Haven't seen one. Let's break out of the search and just look
** for a matching locktoken.
*/
break;
/*
** This label is used when we detect that a state_list is not
** going to match this resource. We bust out and try the next
** state_list.
*/
state_list_failed:
;
} /* foreach ( ifhdr_scan ) */
/*
** The above loop exits for one of two reasons:
** 1) a state_list matched and seen_locktoken is false.
** 2) all if_header structures were scanned, without (1) occurring
*/
if (ifhdr_scan == NULL) {
/*
** We finished the loop without finding any matching state lists.
*/
/*
** If none of the state_lists apply to this resource, then we
** may have succeeded. Note that this scenario implies a
** tagged-list with no matching state_lists. If the If: header
** was a no-tag-list, then it would have applied to this resource.
**
** S9.4.2 states that when no state_lists apply, then the header
** should be ignored.
**
** If we saw one of the resource's locktokens, then we're done.
** If we did not see a locktoken, then we fail.
*/
if (num_that_apply == 0) {
if (seen_locktoken)
return NULL;
/*
** We may have aborted the scan before seeing the locktoken.
** Rescan the If: header to see if we can find the locktoken
** somewhere.
**
** Note that seen_locktoken == 0 implies lock_list != NULL
** which implies locks_hooks != NULL.
*/
if (dav_find_submitted_locktoken(if_header, lock_list,
locks_hooks)) {
/*
** We found a match! We're set... none of the If: header
** assertions apply (implicit success), and the If: header
** specified the locktoken somewhere. We're done.
*/
return NULL;
}
return dav_new_error(p, HTTP_LOCKED, 0 /* error_id */,
"This resource is locked and the \"If:\" "
"header did not specify one of the "
"locktokens for this resource's lock(s).");
}
/* else: one or more state_lists were applicable, but failed. */
/*
** If the dummy_header did not match, then they specified an
** incorrect token in the Lock-Token header. Forget whether the
** If: statement matched or not... we'll tell them about the
** bad Lock-Token first. That is considered a 400 (Bad Request).
*/
if (if_header->dummy_header) {
return dav_new_error(p, HTTP_BAD_REQUEST, 0,
"The locktoken specified in the "
"\"Lock-Token:\" header did not specify one "
"of this resource's locktoken(s).");
}
if (reason == NULL) {
return dav_new_error(p, HTTP_PRECONDITION_FAILED, 0,
"The preconditions specified by the \"If:\" "
"header did not match this resource.");
}
return dav_new_error(p, HTTP_PRECONDITION_FAILED, 0,
apr_psprintf(p,
"The precondition(s) specified by "
"the \"If:\" header did not match "
"this resource. At least one "
"failure is because: %s", reason));
}
/* assert seen_locktoken == 0 */
/*
** ifhdr_scan != NULL implies we found a matching state_list.
**
** Since we're still here, it also means that we have not yet found
** one the resource's locktokens in the If: header.
**
** Scan all the if_headers and states looking for one of this
** resource's locktokens. Note that we need to go back and scan them
** all -- we may have aborted a scan with a failure before we saw a
** matching token.
**
** Note that seen_locktoken == 0 implies lock_list != NULL which implies
** locks_hooks != NULL.
*/
if (dav_find_submitted_locktoken(if_header, lock_list, locks_hooks)) {
/*
** We found a match! We're set... we have a matching state list,
** and the If: header specified the locktoken somewhere. We're done.
*/
return NULL;
}
/*
** We had a matching state list, but the user agent did not specify one
** of this resource's locktokens. Tell them so.
**
** Note that we need to special-case the message on whether a "dummy"
** header exists. If it exists, yet we didn't see a needed locktoken,
** then that implies the dummy header (Lock-Token header) did NOT
** specify one of this resource's locktokens. (this implies something
** in the real If: header matched)
**
** We want to note the 400 (Bad Request) in favor of a 423 (Locked).
*/
if (if_header->dummy_header) {
return dav_new_error(p, HTTP_BAD_REQUEST, 0,
"The locktoken specified in the "
"\"Lock-Token:\" header did not specify one "
"of this resource's locktoken(s).");
}
return dav_new_error(p, HTTP_LOCKED, 1 /* error_id */,
"This resource is locked and the \"If:\" header "
"did not specify one of the "
"locktokens for this resource's lock(s).");
}
/* dav_validate_walker: Walker callback function to validate resource state */
static dav_error * dav_validate_walker(dav_walk_resource *wres, int calltype)
{
dav_walker_ctx *ctx = wres->walk_ctx;
dav_error *err;
if ((err = dav_validate_resource_state(ctx->w.pool, wres->resource,
ctx->w.lockdb,
ctx->if_header, ctx->flags,
&ctx->work_buf, ctx->r)) == NULL) {
/* There was no error, so just bug out. */
return NULL;
}
/*
** If we have a serious server error, or if the request itself failed,
** then just return error (not a multistatus).
*/
if (ap_is_HTTP_SERVER_ERROR(err->status)
|| (*wres->resource->hooks->is_same_resource)(wres->resource,
ctx->w.root)) {
/* ### maybe push a higher-level description? */
return err;
}
/* associate the error with the current URI */
dav_add_response(wres, err->status, NULL);
return NULL;
}
/*
** dav_validate_request: Validate if-headers (and check for locks) on:
** (1) r->filename @ depth;
** (2) Parent of r->filename if check_parent == 1
**
** The check of parent should be done when it is necessary to verify that
** the parent collection will accept a new member (ie current resource
** state is null).
**
** Return OK on successful validation.
** On error, return appropriate HTTP_* code, and log error. If a multi-stat
** error is necessary, response will point to it, else NULL.
*/
dav_error * dav_validate_request(request_rec *r, dav_resource *resource,
int depth, dav_locktoken *locktoken,
dav_response **response, int flags,
dav_lockdb *lockdb)
{
dav_error *err;
int result;
dav_if_header *if_header;
int lock_db_opened_locally = 0;
const dav_hooks_locks *locks_hooks = DAV_GET_HOOKS_LOCKS(r);
const dav_hooks_repository *repos_hooks = resource->hooks;
dav_buffer work_buf = { 0 };
dav_response *new_response;
#if DAV_DEBUG
if (depth && response == NULL) {
/*
** ### bleck. we can't return errors for other URIs unless we have
** ### a "response" ptr.
*/
return dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
"DESIGN ERROR: dav_validate_request called "
"with depth>0, but no response ptr.");
}
#endif
if (response != NULL)
*response = NULL;
/* Do the standard checks for conditional requests using
* If-..-Since, If-Match etc */
if ((result = ap_meets_conditions(r)) != OK) {
/* ### fix this up... how? */
return dav_new_error(r->pool, result, 0, NULL);
}
/* always parse (and later process) the If: header */
if ((err = dav_process_if_header(r, &if_header)) != NULL) {
/* ### maybe add higher-level description */
return err;
}
/* If a locktoken was specified, create a dummy if_header with which
* to validate resources. In the interim, figure out why DAV uses
* locktokens in an if-header without a Lock-Token header to refresh
* locks, but a Lock-Token header without an if-header to remove them.
*/
if (locktoken != NULL) {
dav_if_header *ifhdr_new;
ifhdr_new = apr_pcalloc(r->pool, sizeof(*ifhdr_new));
ifhdr_new->uri = resource->uri;
ifhdr_new->uri_len = strlen(resource->uri);
ifhdr_new->dummy_header = 1;
ifhdr_new->state = apr_pcalloc(r->pool, sizeof(*ifhdr_new->state));
ifhdr_new->state->type = dav_if_opaquelock;
ifhdr_new->state->condition = DAV_IF_COND_NORMAL;
ifhdr_new->state->locktoken = locktoken;
ifhdr_new->next = if_header;
if_header = ifhdr_new;
}
/*
** If necessary, open the lock database (read-only, lazily);
** the validation process may need to retrieve or update lock info.
** Otherwise, assume provided lockdb is valid and opened rw.
*/
if (lockdb == NULL) {
if (locks_hooks != NULL) {
if ((err = (*locks_hooks->open_lockdb)(r, 0, 0, &lockdb)) != NULL) {
/* ### maybe insert higher-level comment */
return err;
}
lock_db_opened_locally = 1;
}
}
/* (1) Validate the specified resource, at the specified depth */
if (resource->exists && depth > 0) {
dav_walker_ctx ctx = { { 0 } };
dav_response *multi_status;
ctx.w.walk_type = DAV_WALKTYPE_NORMAL;
ctx.w.func = dav_validate_walker;
ctx.w.walk_ctx = &ctx;
ctx.w.pool = r->pool;
ctx.w.root = resource;
ctx.if_header = if_header;
ctx.r = r;
ctx.flags = flags;
if (lockdb != NULL) {
ctx.w.lockdb = lockdb;
ctx.w.walk_type |= DAV_WALKTYPE_LOCKNULL;
}
err = (*repos_hooks->walk)(&ctx.w, DAV_INFINITY, &multi_status);
if (err == NULL) {
*response = multi_status;;
}
/* else: implies a 5xx status code occurred. */
}
else {
err = dav_validate_resource_state(r->pool, resource, lockdb,
if_header, flags, &work_buf, r);
}
/* (2) Validate the parent resource if requested */
if (err == NULL && (flags & DAV_VALIDATE_PARENT)) {
dav_resource *parent_resource;
err = (*repos_hooks->get_parent_resource)(resource, &parent_resource);
if (err == NULL && parent_resource == NULL) {
err = dav_new_error(r->pool, HTTP_FORBIDDEN, 0,
"Cannot access parent of repository root.");
}
else if (err == NULL) {
err = dav_validate_resource_state(r->pool, parent_resource, lockdb,
if_header,
flags | DAV_VALIDATE_IS_PARENT,
&work_buf, r);
/*
** This error occurred on the parent resource. This implies that
** we have to create a multistatus response (to report the error
** against a URI other than the Request-URI). "Convert" this error
** into a multistatus response.
*/
if (err != NULL) {
new_response = apr_pcalloc(r->pool, sizeof(*new_response));
new_response->href = parent_resource->uri;
new_response->status = err->status;
new_response->desc =
"A validation error has occurred on the parent resource, "
"preventing the operation on the resource specified by "
"the Request-URI.";
if (err->desc != NULL) {
new_response->desc = apr_pstrcat(r->pool,
new_response->desc,
" The error was: ",
err->desc, NULL);
}
/* assert: DAV_VALIDATE_PARENT implies response != NULL */
new_response->next = *response;
*response = new_response;
err = NULL;
}
}
}
if (lock_db_opened_locally)
(*locks_hooks->close_lockdb)(lockdb);
/*
** If we don't have a (serious) error, and we have multistatus responses,
** then we need to construct an "error". This error will be the overall
** status returned, and the multistatus responses will go into its body.
**
** For certain methods, the overall error will be a 424. The default is
** to construct a standard 207 response.
*/
if (err == NULL && response != NULL && *response != NULL) {
ap_text *propstat = NULL;
if ((flags & DAV_VALIDATE_USE_424) != 0) {
/* manufacture a 424 error to hold the multistatus response(s) */
return dav_new_error(r->pool, HTTP_FAILED_DEPENDENCY, 0,
"An error occurred on another resource, "
"preventing the requested operation on "
"this resource.");
}
/*
** Whatever caused the error, the Request-URI should have a 424
** associated with it since we cannot complete the method.
**
** For a LOCK operation, insert an empty DAV:lockdiscovery property.
** For other methods, return a simple 424.
*/
if ((flags & DAV_VALIDATE_ADD_LD) != 0) {
propstat = apr_pcalloc(r->pool, sizeof(*propstat));
propstat->text =
"<D:propstat>" DEBUG_CR
"<D:prop><D:lockdiscovery/></D:prop>" DEBUG_CR
"<D:status>HTTP/1.1 424 Failed Dependency</D:status>" DEBUG_CR
"</D:propstat>" DEBUG_CR;
}
/* create the 424 response */
new_response = apr_pcalloc(r->pool, sizeof(*new_response));
new_response->href = resource->uri;
new_response->status = HTTP_FAILED_DEPENDENCY;
new_response->propresult.propstats = propstat;
new_response->desc =
"An error occurred on another resource, preventing the "
"requested operation on this resource.";
new_response->next = *response;
*response = new_response;
/* manufacture a 207 error for the multistatus response(s) */
return dav_new_error(r->pool, HTTP_MULTI_STATUS, 0,
"Error(s) occurred on resources during the "
"validation process.");
}
return err;
}
/* dav_get_locktoken_list:
*
* Sets ltl to a locktoken_list of all positive locktokens in header,
* else NULL if no If-header, or no positive locktokens.
*/
dav_error * dav_get_locktoken_list(request_rec *r, dav_locktoken_list **ltl)
{
dav_error *err;
dav_if_header *if_header;
dav_if_state_list *if_state;
dav_locktoken_list *lock_token = NULL;
*ltl = NULL;
if ((err = dav_process_if_header(r, &if_header)) != NULL) {
/* ### add a higher-level description? */
return err;
}
while (if_header != NULL) {
if_state = if_header->state; /* Begining of the if_state linked list */
while (if_state != NULL) {
if (if_state->condition == DAV_IF_COND_NORMAL
&& if_state->type == dav_if_opaquelock) {
lock_token = apr_pcalloc(r->pool, sizeof(dav_locktoken_list));
lock_token->locktoken = if_state->locktoken;
lock_token->next = *ltl;
*ltl = lock_token;
}
if_state = if_state->next;
}
if_header = if_header->next;
}
if (*ltl == NULL) {
/* No nodes added */
return dav_new_error(r->pool, HTTP_BAD_REQUEST, DAV_ERR_IF_ABSENT,
"No locktokens were specified in the \"If:\" "
"header, so the refresh could not be performed.");
}
return NULL;
}
#if 0 /* not needed right now... */
static const char *strip_white(const char *s, apr_pool_t *pool)
{
apr_size_t idx;
/* trim leading whitespace */
while (apr_isspace(*s)) /* assume: return false for '\0' */
++s;
/* trim trailing whitespace */
idx = strlen(s) - 1;
if (apr_isspace(s[idx])) {
char *s2 = apr_pstrdup(pool, s);
while (apr_isspace(s2[idx]) && idx > 0)
--idx;
s2[idx + 1] = '\0';
return s2;
}
return s;
}
#endif
#define DAV_LABEL_HDR "Label"
/* dav_add_vary_header
*
* If there were any headers in the request which require a Vary header
* in the response, add it.
*/
void dav_add_vary_header(request_rec *in_req,
request_rec *out_req,
const dav_resource *resource)
{
const dav_hooks_vsn *vsn_hooks = DAV_GET_HOOKS_VSN(in_req);
/* ### this is probably all wrong... I think there is a function in
### the Apache API to add things to the Vary header. need to check */
/* Only versioning headers require a Vary response header,
* so only do this check if there is a versioning provider */
if (vsn_hooks != NULL) {
const char *target = apr_table_get(in_req->headers_in, DAV_LABEL_HDR);
const char *vary = apr_table_get(out_req->headers_out, "Vary");
/* If Target-Selector specified, add it to the Vary header */
if (target != NULL) {
if (vary == NULL)
vary = DAV_LABEL_HDR;
else
vary = apr_pstrcat(out_req->pool, vary, "," DAV_LABEL_HDR,
NULL);
apr_table_setn(out_req->headers_out, "Vary", vary);
}
}
}
/* see mod_dav.h for docco */
dav_error *dav_ensure_resource_writable(request_rec *r,
dav_resource *resource,
int parent_only,
dav_auto_version_info *av_info)
{
const dav_hooks_vsn *vsn_hooks = DAV_GET_HOOKS_VSN(r);
const char *body;
dav_error *err;
/* Initialize results */
memset(av_info, 0, sizeof(*av_info));
/* check parent resource if requested or if resource must be created */
if (!resource->exists || parent_only) {
dav_resource *parent;
if ((err = (*resource->hooks->get_parent_resource)(resource,
&parent)) != NULL)
return err;
if (parent == NULL || !parent->exists) {
body = apr_psprintf(r->pool,
"Missing one or more intermediate collections. "
"Cannot create resource %s.",
ap_escape_html(r->pool, resource->uri));
return dav_new_error(r->pool, HTTP_CONFLICT, 0, body);
}
av_info->parent_resource = parent;
/* if parent not versioned, assume child can be created */
if (!parent->versioned) {
return NULL;
}
/* if no versioning provider, something is terribly wrong */
if (vsn_hooks == NULL) {
return dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
"INTERNAL ERROR: "
"versioned resource with no versioning "
"provider?");
}
/* parent must be checked out */
if (!parent->working) {
/* if parent cannot be automatically checked out, fail */
if (!(*vsn_hooks->auto_version_enabled)(parent)) {
body = apr_psprintf(r->pool,
"Parent collection must be checked out. "
"Cannot create resource %s.",
ap_escape_html(r->pool, resource->uri));
return dav_new_error(r->pool, HTTP_CONFLICT, 0, body);
}
/* Try to checkout the parent collection.
* Note that auto-versioning can only be applied to a version selector,
* so no separate working resource will be created.
*/
if ((err = (*vsn_hooks->checkout)(parent, 0, 0, 0, NULL, NULL))
!= NULL)
{
body = apr_psprintf(r->pool,
"Unable to checkout parent collection. "
"Cannot create resource %s.",
ap_escape_html(r->pool, resource->uri));
return dav_push_error(r->pool, HTTP_CONFLICT, 0, body, err);
}
/* remember that parent was checked out */
av_info->parent_checkedout = 1;
}
/* if not just checking parent, create new child resource */
if (!parent_only) {
if ((err = (*vsn_hooks->vsn_control)(resource, NULL)) != NULL) {
body = apr_psprintf(r->pool,
"Unable to create versioned resource %s.",
ap_escape_html(r->pool, resource->uri));
return dav_push_error(r->pool, HTTP_CONFLICT, 0, body, err);
}
/* remember that resource was created */
av_info->resource_created = 1;
}
}
else if (!resource->versioned) {
/* resource exists and is not versioned; assume it is writable */
return NULL;
}
/* if not just checking parent, make sure child resource is checked out */
if (!parent_only && !resource->working) {
/* Auto-versioning can only be applied to version selectors, so
* no separate working resource will be created. */
if ((err = (*vsn_hooks->checkout)(resource, 0, 0, 0, NULL, NULL))
!= NULL)
{
body = apr_psprintf(r->pool,
"Unable to checkout resource %s.",
ap_escape_html(r->pool, resource->uri));
return dav_push_error(r->pool, HTTP_CONFLICT, 0, body, err);
}
/* remember that resource was checked out */
av_info->resource_checkedout = 1;
}
return NULL;
}
/* see mod_dav.h for docco */
dav_error *dav_revert_resource_writability(
request_rec *r,
dav_resource *resource,
int undo,
const dav_auto_version_info *av_info)
{
const dav_hooks_vsn *vsn_hooks = DAV_GET_HOOKS_VSN(r);
const char *body;
dav_error *err;
/* If a resource was provided, restore its writable state.
* Otherwise, only the parent must have been modified */
if (resource != NULL) {
if (av_info->resource_checkedout) {
if (undo)
err = (*vsn_hooks->uncheckout)(resource);
else
err = (*vsn_hooks->checkin)(resource,
0 /*keep_checked_out*/, NULL);
if (err != NULL) {
body = apr_psprintf(r->pool,
"Unable to %s resource %s.",
undo ? "uncheckout" : "checkin",
ap_escape_html(r->pool, resource->uri));
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
body, err);
}
}
/* If undoing because of an error, and the resource was created,
* then remove it */
if (undo && av_info->resource_created) {
dav_response *response;
/* ### should we do anything with the response? */
if ((err = (*resource->hooks->remove_resource)(resource,
&response)) != NULL) {
body = apr_psprintf(r->pool,
"Unable to undo creation of resource %s.",
ap_escape_html(r->pool, resource->uri));
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
body, err);
}
}
}
/* If parent resource was made writable, restore its state */
if (av_info->parent_resource != NULL && av_info->parent_checkedout) {
if (undo)
err = (*vsn_hooks->uncheckout)(av_info->parent_resource);
else
err = (*vsn_hooks->checkin)(av_info->parent_resource,
0 /*keep_checked_out*/, NULL);
if (err != NULL) {
body = apr_psprintf(r->pool,
"Unable to %s parent collection %s.",
undo ? "uncheckout" : "checkin",
ap_escape_html(r->pool, av_info->parent_resource->uri));
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
body, err);
}
}
return NULL;
}